fix(ci): arm64 rollback smoke gate + dedicated PowerShell lint workflow #32
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| name: PowerShell Lint | ||
|
|
||
| # Lints the example PowerShell mirrors (examples/**/*.ps1) with PSScriptAnalyzer. | ||
| # | ||
| # Why a dedicated workflow (not a step in ci.yml or only in verify-extended.yml): | ||
| # - PSScriptAnalyzer needs a Windows runner + the module installed; folding it | ||
| # into the Linux core pipeline would slow every push for a niche check. | ||
| # - It used to live ONLY in verify-extended.yml (workflow_dispatch), so .ps1 | ||
| # regressions surfaced late — a PSUseUsingScopeModifierInNewRunspaces failure | ||
| # in #22 only appeared on a manual Extended Verification run (see issue #28). | ||
| # | ||
| # So: trigger on `.ps1` (and the analyzer settings) changes for fast PR feedback, | ||
| # AND expose `workflow_call` so Extended Verification reuses the same job — one | ||
| # source of truth for "are the .ps1 examples clean?". | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
| paths: | ||
| - "examples/**/*.ps1" | ||
| - "examples/PSScriptAnalyzerSettings.psd1" | ||
| - ".github/workflows/lint-powershell.yml" | ||
| pull_request: | ||
| branches: [main] | ||
| paths: | ||
| - "examples/**/*.ps1" | ||
| - "examples/PSScriptAnalyzerSettings.psd1" | ||
| - ".github/workflows/lint-powershell.yml" | ||
| # Reusable: verify-extended.yml calls this so the dispatch path stays covered. | ||
| workflow_call: | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| lint-powershell: | ||
| name: Lint PowerShell examples | ||
| runs-on: windows-latest | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
|
Contributor
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Pin
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 40-40: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false (artipacked)
[error] 40-40: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy) (unpinned-uses)
|
||
| - name: PSScriptAnalyzer | ||
| shell: pwsh | ||
| run: | | ||
| Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -ErrorAction Stop | ||
| $settings = Join-Path $PWD 'examples/PSScriptAnalyzerSettings.psd1' | ||
| $issues = Get-ChildItem -Recurse -Path examples -Filter *.ps1 | | ||
| ForEach-Object { Invoke-ScriptAnalyzer -Path $_.FullName -Settings $settings } | ||
| $issues | Format-Table -AutoSize | ||
| if ($issues.Count -gt 0) { | ||
| Write-Error "PSScriptAnalyzer found $($issues.Count) issue(s) in example .ps1 scripts" | ||
| exit 1 | ||
| } | ||
| Write-Host "PSScriptAnalyzer: example .ps1 scripts are clean" | ||
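Review bot: the `Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -ErrorAction Stop` line in the PSScriptAnalyzer step has no version constraint, so each run installs whatever release the configured repository currently serves. The rule set behind this gate can therefore change without any commit in this repository, and the job runs module code nobody here has reviewed. Consider adding `-RequiredVersion` with a version the maintainers have vetted, so that analyzer upgrades arrive as reviewable diffs. Separately, wrapping the pipeline assigned to `$issues` in `@( ... )` would make the `$issues.Count` check independent of whether zero, one or many records come back.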
🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win
Cancel stale lint runs for the same ref.
Without a `concurrency` group, every push to the same PR can queue another full `windows-latest` lint run, so outdated results can outlive the newest commit. That cuts against the “fast PR feedback” goal of this workflow.
Suggested change
on: push: branches: [main] paths: - "examples/**/*.ps1" - "examples/PSScriptAnalyzerSettings.psd1" - ".github/workflows/lint-powershell.yml" pull_request: branches: [main] paths: - "examples/**/*.ps1" - "examples/PSScriptAnalyzerSettings.psd1" - ".github/workflows/lint-powershell.yml" # Reusable: verify-extended.yml calls this so the dispatch path stays covered. workflow_call: +concurrency: + group: powershell-lint-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + permissions: contents: read📝 Committable suggestion
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 16-30: insufficient job-level concurrency limits (concurrency-limits): workflow is missing concurrency setting
(concurrency-limits)
Source: Linters/SAST tools
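Review bot: `cancel-in-progress: true` in the suggested `concurrency` block is unconditional, so it also applies to the `push` trigger on `main` and to `workflow_call` invocations, not only to pull requests. On `main`, a second push cancels the lint run for the previous commit, leaving that commit with no lint result. Under `workflow_call` the group is computed from the caller's event and ref, so two Extended Verification runs on the same ref would cancel each other's lint job. Consider limiting cancellation to pull requests, for example `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`.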